Guidelines for successful authentication

Name Guidelines for successful authentication
Sources (De Angeli et al., 2005)
Synonyms None
Context Graphical authentication mechanisms for user interfaces
Item 1 Authentication mechanisms must be selected according to system, task and user requirements.
a) “Maximise usability whenever security is not paramount; otherwise make sure to educate the user to comply with the security policy.”
b) “Security is a multi-facet concept, whose basic aspects are guessability, observability and recordability (see Section 3.1). The relative importance of each of these dimensions varies according to task requirements and needs to be established in advance as a fundamental system requirement.”
c) “Usability is a multi-facet concept, whose basic aspects are effectiveness, efficiency and user satisfaction (International Standard Organization (ISO), 1997). The relative importance of each of these dimensions varies according to task and user requirements and needs to be established in advance as a fundamental system requirement.”
Item 2 Concrete, nameable, and distinctive colour images
“are easier to remember; thus, they tend to improve all aspects of usability but they decrease security (recordability).”
“Test your image set with real users whenever possible, or use a visual database similar to those tested and reported in the literature.”
Item 3 Control the visual configuration of the challenge set by
a) “displaying distractors from different semantic categories from those in the challenge set (to increase usability);”
b) “displaying visually dissimilar distractors from those in the challenge set (to increase usability); and”
c) “using as many categories as possible so that distractors can be drawn from a wide set of possibilities (to increase security)”
Item 4 System-allocated codes
“have a positive effect on security (reducing predictability) but they may affect usability (being more difficult to remember).”
Item 5 Keys displayed in fixed locations at each authentication attempt
“increase usability but decrease security (observability).”
[Principle] Consistent Controls and Placement
Item 6 Portfolio-based solutions
“increase usability (effectiveness) and affect security, increasing guessability but decreasing observability, as a new challenge set is presented at each authentication attempt.”
Examples None
Related Guidelines Designing Graphical Authentication Mechanism Interfaces
Graphical Passwords on Smartphones
Password Guidance: Simplifying Your Approach
Tags authentication, graphical authentication
Log history [01/18/2019]: Added to repository

References

De Angeli, A., Coventry, L., Johnson, G., Renaud, K., 2005. Is a picture really worth a thousand words? Exploring the feasibility of graphical authentication systems. International Journal of Human-Computer Studies 63, 128–152. https://doi.org/10.1016/j.ijhcs.2005.04.020

International Standard Organization (ISO), 1997. ISO 9241: Ergonomic requirements for office work with visual display terminals (VDTs) — parts 1–17.